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REMARKS 

Claims 1-61 are pending in the appHcation and stand rejected. 
Claim objections 

Claim 42 stands objected to for an alleged grammatical ambiguity perceived by the 
Examiner. Applicants respectfully disagree and insist that the language of the claim is clear and 
correct and respectfully request the Examiner to withdraw this objection as it appears to be based 
on nothing more than the Examiner's o\yn stylistic preferences. 

Rejection under 35 U.S.C §101 

Claims 1, 6, 7, 24 and 42 stand rejected under 35 U.S.C. 101 in view of the Examiner 
unexpected (given that this is the fourth time he has examined the very same claims) 
announcement that "the claimed subject matter is merely drawn to a collection of data fields - 
for example, the integrity metrics and trust levels (e.g., level 1, 2 and so on) which are merely 
non-functional descriptive material and as such the claimed subject matter fails to produce the 
useful and tangible results." Applicants respectfully disagree. 

Claim 1 is directed to a computer apparatus that comprises two devices: a receiver, and a 
controller. As immediately apparent to anyone skilled in the art and furthermore made 
abundantly clear in the specification, these hardware devices operate in accordance with their 
specific programming, and it is the novel and inventive tasks that this programming msut cary 
out in accordance with the present invention that are recited in the claims (e.g., for the receiver, 
receiving an integrity metric for a computer entity via a trusted device associated with the 
computer entity). The claim does not recite any hardware characteristics for either of these 
components because they are irrelevant to the invention, as those skilled in the art will readily 
recognize. 

Similarly, claim 6 is directed to a method that recites specific actions such as receiving 
and assigning. The balance of the claims are also directed to either an apparatus or a method, 
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either of which have been addressed above. Applicants thus respectfully submit that the 
Examiner's opinion is simply not tenable in view of the plain language of the claims, that the 
Examiner is clearly ignoring clearly recited claim elements, and request the Examiner to kindly 
reconsider and withdraw this rejection. 

Rejection under 35 U.S.C §103 

Claims 1-9, 11-19, 22-26, 28-37, 42-44, 46-55, 60 and 61 stand rejected under 35 U.S.C. 
103(a) as being unpatentable over U.S. Pat. No. 6,41 5,280 to Farber et al. in view of U.S. Pat. 
No. 6,678,833 to Grawrock. Applicants respectfully disagree, as elaborated upon below. 

With respect to AppUcants' claim 42, the Examiner alleges that Farber teaches all of the 
claimed limitations with the exception of disclosing expressly the trusted device, asserts that 
Grawrock' s TPM "is considered as the trusted device," and opines that it would have been 
obvious to the skilled person "to combine the teaching of Grawrock within the system of Farber 
because (a) Farber teaches providing a resource integrity checking mechanism by validating the 
integrity metric stored at the remote trusted party and the one reported by the local processor. . . 
and (b) Grawrock teaches the integrity metric reported by the local processor should be carried 
out by the trusted device to ensure the reported data is indeed trustworthy without the reliance on 
any intervening devices." As in previous Actions, the Examiner once again combines references 
in a disjointed and self-contradictory manner that is simply not supported by the references 
themselves. 

Applicants note, once again, that claim 42 very specifically recites that the integrity 
metric is (a) calculated for the entity by the trusted device and (b) containing values indicative of 
one or more characteristics of the entity. Presently, the Examiner states (1) that Farber teaches 
such an integrity metric because "the True Name - i.e. the MD (Message Digest), signature/hash 
value, of a data block - is interpreted as the integrity metric," and (2) that Grawrock also teaches 
precisely the same integrity metric at col. 2 11. 5-6 and col. 4 IL 7-9: "the hash value." The 
Examiner is (A) wrong on both accounts, and (B) self contradictory. 
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(A) (1) Farber is directed to method for delivering content or data items that are 
distributed across a network. These items of data are given "true names" based upon a digest of 
the data item itself; as the Examiner himself acknowledges, "the True Name - i.e. the MD 
(Message Digest), signature/hash value, of a data block - is interpreted as the integrity metric." 
Thus, the alleged "integrity metric" disclosed by Farber clearly is not (a) calculated for the entity 
by the trusted device because there is no trusted device taught by Farber as acknowledged 
explicitly by the Examiner, nor (b) containing values indicative of one or more characteristics of 
the entity because the true name of Farber is a digest of a data item and has nothing whatsoever 
to do with the computer entity that may be holding that item or any other computer entity 

(A) (2) The hash value taught by Grawrock at col, 2 11. 5-6 is nonexistent (this passage 
discusses binding the TPM to a boot memory block), and at col. 4 11. 7-9 is limited to the 
following cryptic passage: "these modules 340, 350 and 360 can undergo a hash operation to 
produce corresponding identifiers 345, 355 and 365 for later use in verification by a challenger." 
There is absolutely no mention anywhere else in Grawrock of these identifiers 345, 355 and 365. 
Furthermore, the Examiner once again insists on equating Grawrock' s TPM with the claimed 
trusted device, forcing the Applicants to once again ask: what then corresponds to the claimed 
computer entity with which the TPM is associated? Applicants submit, once again, that there is 
nothing in Grawrock that teaches, explicitly or even implicitly, (a) that the TPM, regardless of 
whether it is trusted or not, is associated with a computer entity and that it calculates an integrity 
metric for this nonexistent computer entity, nor (b) that the alleged integrity metric ("hash 
value") containing values indicative of one or more characteristics of the (nonexistent) computer 
entity. 

(B) The Examiner alleges that both Farber and Grawrock teach the claimed integrity 
metric. As discussed immediately above, the disclosures relied upon by the Examiner in the two 
references are directed to completely different items: a digest of a data item, and the result of a 
"hash operation" on a software module. Thus, Applicants are forced to ask: which one is it, 
really? These two items have nothing in common, and to allege that they both disclose the same 
claimed element only belies the Examiner's position. 
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The above is only reinforced by the alleged motivation offered by the Examiner to 
attempt to combine the two references. The Examiner's reasoning that "(a) Farber teaches 
providing a resource integrity checking mechanism by validating the integrity metric stored at 
the remote trusted party and the one reported by the local processor. . . and (b) Grawrock teaches 
the integrity metric reported by the local processor should be carried out by the trusted device to 
ensure the reported data is indeed trustworthy without the reliance on any intervening devices" 
is, once again, self contradictory. How can Farber teach "validating the integrity metric stored at 
the remote trusted party and the one reported by the local processor" if there is no trusted party in 
Farber, as very clearly acknowledged by the Examiner? Furthermore, what does this "resource 
integrity checking mechanism," which is clearly directed to verifying the integrity of data items , 
have to do with an integrity metric calculated for a computer entity by a trusted device 
associated with the entity and containing values indicative of one or more characteristics of the 
computer entity? 

As for the Examiner's assertion that "Grawrock teaches the integrity metric reported by 
the local processor should be carried out by the trusted device to ensure the reported data is 
indeed trustworthy without the reliance on any intervening devices," Applicants can only reply, 
huh? What "reported data?" What data? Reported by what to where? What local processor? The 
hash operation on the software modules of the TPM (the alleged "trusted device") is clearly 
carried out by the TPM itself, so once again, what in Grawrock is the computer entity that the 
trusted device/TPM is associated with? Is it this "local processor" and if so, what/where is it? 

This is the fourth office action issued by the Examiner in what has become an extremely 
costly effort for Applicants, both in financial terms and the remaining lifetime of any patents that 
will ultimately issue off this application. The Examiner insists on interpreting claim terms in 
ways that are clearly against the teachings of the specification, the meaning generally accepted in 
the art, and oftentimes against common sense itself. Any fiirther delay of this application caused 
by the Examiner's obvious failure to ftxlly and completely read the present application as well as 
the cited prior art documents will be met with the strongest possible reply at the highest 
administrative levels of the PTO. Applicants have expended more than sufficient resources and 
period of protection in attempt after attempt to educate the Examiner and patiently explain what 
is only too apparent to one reading the specification. Applicants once again, and strongly. 
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demand that the Examiner read the claims - carefully, read the specification - thoroughly, read 
the prior art on record - fiiUy, reconsider, and pass claim 42 to issue. 

The Examiner appears to reject claims 1, 6, 7 and 24 on the same exact basis as claim 42. 
This is not only incorrect, as shown above, but insufficient given that these claims contain 
limitaitosn that are not found in claim 42 and which the Examiner does not deign to address. 
Claim 7, for instance, recites requesting a trusted device associated with a computer entity to 
provide an integrity metric calculated for the entity by the trusted device and containing values 
indicative of one or more characteristics of the entity; receiving a response fi-om the trusted 
device including an integrity metric calculated for the entity by the trusted device; comparing 
values in the integrity metric calculated for the entity by the trusted device with authenticated 
values provided for the entity by a trusted party; and selecting a level of trust for the entity fi-om 
a plurality of predefined levels of trusts based on at least one value in the integrity metric 
calculated for the entity by the trusted device. As already shown above, there is no disclosure 
related to anything akin to the claimed integrity metric in either Farber or Grawrock. This 
omission not withstanding, Applicants fiirther ask, where does either reference teach the claimed 
requesting such an integrity metric? Receiving the response? Comparing received with 
authenticated values? Selecting a level of trust based on at least one received value? Yet again, 
Applicants plead with the Examiner to read the claim in its entirety and yet again, submit that 
claim 7, as well as claims 1, 6 and 24, are allowable over the art for, inter alia, the same reasons 
as those set forth in proving the allowability of claim 42, and respectfiiUy urge the Examiner to 
pass these claims to issue as well. 

Claims 2-5 depend from claim 1, 8-23 depend from claim 7, claims 25-41 depend from 
claim 24, and 43-61 depend from claim 42. "If an independent claim is nonobvious under 35 
U.S.C. 103, then any claim depending therefrom is nonobvious." In re Fine, 837 F.2d 1071, 5 
USPQ2d 1596 (Fed. Cir. 1988). Therefore, in light of the above discussion of claim 42, 
Applicants submit that claims 2-5, 8-23, 25-41 and 43-61 are also nonobvious and allowable and 
therefore are not individually addressed elsewhere herein. 

In view of the above, Applicants submit that the application is now in condition for 
allowance and respectfully urge the Examiner to pass this case to issue. 
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A The Commissioner is authorized to charge any additional fees which may be required or 
^4dit overpayment to deposit account no. 08-2025. In particular, if this response is not timely 
^ed, the Commissioner is authorized to treat this response as including a petition to extend the 
time period pursuant to 37 CFR 1.136(a) requesting an extension of time of the number of 
months necessary to make this response timely filed and the petition fee due in connection 
therewith may be charged to deposit account no. 08-2025. 
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